Snort Based Network Traffic Anomaly Detector to Improve the Performance of Intrusion Detection System

G.V. Nadiammai, M. Hemalatha

Abstract


Data mining is the process of identifying hidden patterns in large amounts of data. It is commonly used in marketing, surveillance, fraud detection and scientific discovery. An intrusion occurs when someone tries to gain the access of a normal user or launches an attack over the network. Intrusion detection deals with analyzing all sorts of illegal actions towards data. IDS and IPS have equal significance in the research community. Snort is a software tool designed to capture network packets. It performs pre-processing on its own, without the involvement of security experts, and generates an alarm if any anomalous packet is found with the help of its built-in rules. In this paper, Snort is used to detect attacks in network packets (one week of data). The number of attacks detected by the misuse-based IDS is compared with that of the enhanced IDS approach obtained by combining anomaly-based and misuse-based IDSs. The comparison shows that the improved IDS with NETAD performs well, detecting 133 attacks out of 180 (73%) after training on one week of attack-free traffic. The KDD Cup 99 dataset is used for the study.

 


Keywords: Intrusion Detection, Snort, Network Traffic Anomaly Detector (NETAD), KDD Cup 99 dataset, Real-time traffic data.




DOI: https://doi.org/10.26483/ijarcs.v3i7.1402





Copyright (c) 2016 International Journal of Advanced Research in Computer Science